Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

I am infected with Ping.exe Win Vista Home [Closed]


  • This topic is locked This topic is locked

#1
lfb8769

lfb8769

    Member

  • Member
  • PipPip
  • 45 posts
I am running Window Vista Home 32 bit. I noticed that my computer started running slow,
then my audio device stop coming up. Yesterday, Avast told me I had been infected by Ping.exe and
it started redirecting my google searches and website visits. When I tried to use Firefox, website visits. When I tried to use Firefox, Avast didn't like that also. I noticed in Process Explorer that Ping was listed. My computer needs
help. I ran OTL, tdsskiller -twice on second run checked the two items under additional options, aswMBr.exe and unchecked trace disk IO calls, Malwarebytes Anti-Malware and have diskmgmt screen shot. Finally I ran ComboFix, I turned off Avast and it kept telling me it was running. Still scanned. Downloaded it very late and by the time the scan was done it told me ComboFix had
expired. Do I need to run it again? A logs are listed below. I think my registry needs help also. My whole computer just needs help. I look forward to hearing from you
=====================
OTL logfile created on: 1/10/2012 12:23:56 AM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Lisa\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.76 Mb Total Physical Memory | 188.39 Mb Available Physical Memory | 21.08% Memory free
2.01 Gb Paging File | 1.23 Gb Available in Paging File | 61.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.91 Gb Total Space | 100.39 Gb Free Space | 45.24% Space Free | Partition Type: NTFS
Drive D: | 10.97 Gb Total Space | 1.51 Gb Free Space | 13.77% Space Free | Partition Type: NTFS

Computer Name: BARLOW-PC3 | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/09 23:17:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.exe
PRC - [2011/11/28 10:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/11/28 10:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/06/09 05:44:11 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/01 05:54:46 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe
PRC - [2011/02/01 05:54:42 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe
PRC - [2011/02/01 05:54:30 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtcmd.exe
PRC - [2011/01/10 11:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\ServicepointService.exe
PRC - [2011/01/10 11:56:32 | 004,318,520 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
PRC - [2011/01/10 11:56:32 | 000,488,760 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
PRC - [2010/01/21 15:24:08 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/09/29 08:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/01 20:00:00 | 001,716,224 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WNDA3100\WNDA3100.exe
PRC - [2007/04/18 07:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
=================
aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-09 23:49:35
-----------------------------
23:49:35.880 OS Version: Windows 6.0.6002 Service Pack 2
23:49:35.880 Number of processors: 2 586 0x6B02
23:49:35.880 ComputerName: BARLOW-PC3 UserName: Lisa
23:49:37.768 Initialize success
23:49:42.074 AVAST engine defs: 12010901
23:50:03.524 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000052
23:50:03.524 Disk 0 Vendor: Hitachi_ GM2O Size: 238475MB BusType: 3
23:50:03.556 Disk 0 MBR read successfully
23:50:03.556 Disk 0 MBR scan
23:50:03.556 Disk 0 unknown MBR code
23:50:03.556 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 227239 MB offset 63
23:50:03.602 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11232 MB offset 465386985
23:50:03.602 Disk 0 scanning sectors +488392065
23:50:03.649 Disk 0 scanning C:\Windows\system32\drivers
23:50:16.021 Service scanning
23:50:17.753 Modules scanning
23:50:29.406 Module: C:\Windows\system32\DRIVERS\cdrom.sys **SUSPICIOUS**
23:50:42.650 AVAST engine scan C:\Windows
23:50:46.847 AVAST engine scan C:\Windows\system32
23:51:25.808 File: C:\Windows\system32\jureg.exe **INFECTED** Win32:SMSSend-IG [Trj]
23:52:33.826 AVAST engine scan C:\Windows\system32\drivers
23:52:43.733 AVAST engine scan C:\Users\Lisa
00:08:33.773 AVAST engine scan C:\ProgramData
00:13:29.453 Scan finished successfully
00:14:17.490 Disk 0 MBR has been saved successfully to "C:\Users\Lisa\Desktop\MBR.dat"
00:14:17.490 The log file has been saved successfully to "C:\Users\Lisa\Desktop\aswMBR.txt"
==================================
Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.11.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Lisa :: BARLOW-PC3 [administrator]

Protection: Enabled

1/10/2012 6:09:15 PM
mbam-log-2012-01-10 (18-09-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 188456
Time elapsed: 10 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\System32\drivers\cdrom.sys (Trojan.Patched) -> Quarantined and deleted successfully.
===============================
23:44:22.0941 3136 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
23:44:23.0004 3136 ============================================================
23:44:23.0004 3136 Current date / time: 2012/01/09 23:44:23.0004
23:44:23.0004 3136 SystemInfo:
23:44:23.0004 3136
23:44:23.0004 3136 OS Version: 6.0.6002 ServicePack: 2.0
23:44:23.0004 3136 Product type: Workstation
23:44:23.0004 3136 ComputerName: BARLOW-PC3
23:44:23.0004 3136 UserName: Lisa
23:44:23.0004 3136 Windows directory: C:\Windows
23:44:23.0004 3136 System windows directory: C:\Windows
23:44:23.0004 3136 Processor architecture: Intel x86
23:44:23.0004 3136 Number of processors: 2
23:44:23.0004 3136 Page size: 0x1000
23:44:23.0004 3136 Boot type: Normal boot
23:44:23.0004 3136 ============================================================
23:44:23.0971 3136 Initialize success
23:44:33.0892 5444 ============================================================
23:44:33.0892 5444 Scan started
23:44:33.0892 5444 Mode: Manual;
23:44:33.0892 5444 ============================================================
23:44:35.0468 5444 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
23:44:35.0468 5444 ACPI - ok
23:44:35.0577 5444 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
23:44:35.0577 5444 adp94xx - ok
23:44:35.0608 5444 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
23:44:35.0608 5444 adpahci - ok
23:44:35.0640 5444 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
23:44:35.0640 5444 adpu160m - ok
23:44:35.0702 5444 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
23:44:35.0718 5444 adpu320 - ok
23:44:35.0811 5444 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
23:44:35.0827 5444 AFD - ok
23:44:35.0905 5444 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
23:44:35.0905 5444 agp440 - ok
23:44:35.0936 5444 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
23:44:35.0936 5444 aic78xx - ok
23:44:35.0967 5444 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
23:44:35.0983 5444 aliide - ok
23:44:35.0998 5444 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
23:44:35.0998 5444 amdagp - ok
23:44:36.0061 5444 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
23:44:36.0061 5444 amdide - ok
23:44:36.0108 5444 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
23:44:36.0108 5444 AmdK7 - ok
23:44:36.0139 5444 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
23:44:36.0139 5444 AmdK8 - ok
23:44:36.0232 5444 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
23:44:36.0232 5444 arc - ok
23:44:36.0295 5444 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
23:44:36.0326 5444 arcsas - ok
23:44:36.0357 5444 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\Windows\system32\drivers\aswFsBlk.sys
23:44:36.0357 5444 aswFsBlk - ok
23:44:36.0435 5444 aswMonFlt (258143605e77e4008f1758481d6a977d) C:\Windows\system32\drivers\aswMonFlt.sys
23:44:36.0435 5444 aswMonFlt - ok
23:44:36.0451 5444 aswRdr (352d5a48ebab35a7693b048679304831) C:\Windows\system32\drivers\aswRdr.sys
23:44:36.0451 5444 aswRdr - ok
23:44:36.0544 5444 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\Windows\system32\drivers\aswSnx.sys
23:44:36.0544 5444 aswSnx - ok
23:44:36.0638 5444 aswSP (010012597333da1f46c3243f33f8409e) C:\Windows\system32\drivers\aswSP.sys
23:44:36.0638 5444 aswSP - ok
23:44:36.0669 5444 aswTdi (f9f84364416658e9786235904d448d37) C:\Windows\system32\drivers\aswTdi.sys
23:44:36.0669 5444 aswTdi - ok
23:44:36.0732 5444 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
23:44:36.0732 5444 AsyncMac - ok
23:44:36.0825 5444 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
23:44:36.0825 5444 atapi - ok
23:44:36.0919 5444 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
23:44:36.0919 5444 Beep - ok
23:44:36.0950 5444 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
23:44:36.0950 5444 blbdrive - ok
23:44:37.0044 5444 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
23:44:37.0044 5444 bowser - ok
23:44:37.0122 5444 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
23:44:37.0122 5444 BrFiltLo - ok
23:44:37.0137 5444 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
23:44:37.0137 5444 BrFiltUp - ok
23:44:37.0200 5444 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
23:44:37.0200 5444 Brserid - ok
23:44:37.0262 5444 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
23:44:37.0262 5444 BrSerWdm - ok
23:44:37.0293 5444 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
23:44:37.0293 5444 BrUsbMdm - ok
23:44:37.0324 5444 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
23:44:37.0324 5444 BrUsbSer - ok
23:44:37.0402 5444 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
23:44:37.0402 5444 BTHMODEM - ok
23:44:37.0449 5444 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
23:44:37.0449 5444 cdfs - ok
23:44:37.0480 5444 cdrom (61d48504f34d30b13e7d9a50f855fa07) C:\Windows\system32\DRIVERS\cdrom.sys
23:44:37.0480 5444 cdrom - ok
23:44:37.0590 5444 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
23:44:37.0590 5444 circlass - ok
23:44:37.0621 5444 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
23:44:37.0621 5444 CLFS - ok
23:44:37.0652 5444 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
23:44:37.0652 5444 cmdide - ok
23:44:37.0668 5444 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
23:44:37.0668 5444 Compbatt - ok
23:44:37.0730 5444 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
23:44:37.0730 5444 crcdisk - ok
23:44:37.0761 5444 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
23:44:37.0761 5444 Crusoe - ok
23:44:37.0839 5444 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
23:44:37.0839 5444 DfsC - ok
23:44:37.0948 5444 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
23:44:37.0948 5444 disk - ok
23:44:37.0980 5444 DNIMp50 (2782a4549cc6558c52b0753126b2a833) C:\Windows\system32\Drivers\DNIMp50.sys
23:44:37.0980 5444 DNIMp50 - ok
23:44:38.0011 5444 DNISp50 (b222622709a919c91cb54a90cf7ceefc) C:\Windows\system32\Drivers\DNISp50.sys
23:44:38.0011 5444 DNISp50 - ok
23:44:38.0073 5444 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
23:44:38.0089 5444 Dot4 - ok
23:44:38.0104 5444 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
23:44:38.0104 5444 Dot4Print - ok
23:44:38.0120 5444 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
23:44:38.0120 5444 dot4usb - ok
23:44:38.0198 5444 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
23:44:38.0198 5444 drmkaud - ok
23:44:38.0276 5444 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
23:44:38.0276 5444 DXGKrnl - ok
23:44:38.0307 5444 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
23:44:38.0323 5444 E1G60 - ok
23:44:38.0401 5444 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
23:44:38.0401 5444 Ecache - ok
23:44:38.0463 5444 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
23:44:38.0463 5444 elxstor - ok
23:44:38.0541 5444 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
23:44:38.0541 5444 ErrDev - ok
23:44:38.0572 5444 EUSBMSD (3dc945a9abbfb2ecf268eed276e05fec) C:\Windows\system32\DRIVERS\EUSBMSD.SYS
23:44:38.0572 5444 EUSBMSD - ok
23:44:38.0619 5444 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
23:44:38.0635 5444 exfat - ok
23:44:38.0713 5444 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
23:44:38.0713 5444 fastfat - ok
23:44:38.0760 5444 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
23:44:38.0760 5444 fdc - ok
23:44:38.0775 5444 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
23:44:38.0775 5444 FileInfo - ok
23:44:38.0806 5444 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
23:44:38.0806 5444 Filetrace - ok
23:44:38.0853 5444 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
23:44:38.0853 5444 flpydisk - ok
23:44:38.0900 5444 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
23:44:38.0900 5444 FltMgr - ok
23:44:38.0931 5444 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
23:44:38.0947 5444 Fs_Rec - ok
23:44:39.0009 5444 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
23:44:39.0009 5444 gagp30kx - ok
23:44:39.0072 5444 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:44:39.0072 5444 GEARAspiWDM - ok
23:44:39.0181 5444 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:44:39.0196 5444 HDAudBus - ok
23:44:39.0228 5444 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
23:44:39.0228 5444 HidBth - ok
23:44:39.0259 5444 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
23:44:39.0259 5444 HidIr - ok
23:44:39.0321 5444 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
23:44:39.0337 5444 HidUsb - ok
23:44:39.0368 5444 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
23:44:39.0368 5444 HpCISSs - ok
23:44:39.0477 5444 HSF_DP (617732f6c0f86df3757b1d39211c15e5) C:\Windows\system32\DRIVERS\HSX_DP.sys
23:44:39.0493 5444 HSF_DP - ok
23:44:39.0540 5444 HSXHWBS3 (b1322e002bc4a556f83e4edde8e2f30f) C:\Windows\system32\DRIVERS\HSXHWBS3.sys
23:44:39.0540 5444 HSXHWBS3 - ok
23:44:39.0586 5444 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
23:44:39.0586 5444 HTTP - ok
23:44:39.0664 5444 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
23:44:39.0664 5444 i2omp - ok
23:44:39.0696 5444 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
23:44:39.0696 5444 i8042prt - ok
23:44:39.0789 5444 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
23:44:39.0789 5444 iaStorV - ok
23:44:39.0836 5444 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
23:44:39.0836 5444 iirsp - ok
23:44:39.0976 5444 IntcAzAudAddService (84ed2154239f9d013bbd3220755ada8b) C:\Windows\system32\drivers\RTKVHDA.sys
23:44:40.0008 5444 IntcAzAudAddService - ok
23:44:40.0101 5444 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
23:44:40.0101 5444 intelide - ok
23:44:40.0117 5444 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
23:44:40.0117 5444 intelppm - ok
23:44:40.0148 5444 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:44:40.0148 5444 IpFilterDriver - ok
23:44:40.0164 5444 IpInIp - ok
23:44:40.0179 5444 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
23:44:40.0179 5444 IPMIDRV - ok
23:44:40.0257 5444 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
23:44:40.0257 5444 IPNAT - ok
23:44:40.0288 5444 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
23:44:40.0288 5444 IRENUM - ok
23:44:40.0304 5444 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
23:44:40.0304 5444 isapnp - ok
23:44:40.0335 5444 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
23:44:40.0335 5444 iScsiPrt - ok
23:44:40.0413 5444 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
23:44:40.0413 5444 iteatapi - ok
23:44:40.0429 5444 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
23:44:40.0429 5444 iteraid - ok
23:44:40.0460 5444 jswpslwf (7e72514a3a1c5a9f3bff0660b3866c2b) C:\Windows\system32\DRIVERS\jswpslwf.sys
23:44:40.0460 5444 jswpslwf - ok
23:44:40.0538 5444 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
23:44:40.0538 5444 kbdclass - ok
23:44:40.0600 5444 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
23:44:40.0600 5444 kbdhid - ok
23:44:40.0632 5444 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
23:44:40.0647 5444 KSecDD - ok
23:44:40.0678 5444 Lavasoft Kernexplorer - ok
23:44:40.0772 5444 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\Windows\system32\DRIVERS\Lbd.sys
23:44:40.0772 5444 Lbd - ok
23:44:40.0819 5444 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
23:44:40.0819 5444 lltdio - ok
23:44:40.0850 5444 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
23:44:40.0850 5444 LSI_FC - ok
23:44:40.0912 5444 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
23:44:40.0912 5444 LSI_SAS - ok
23:44:40.0959 5444 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
23:44:40.0975 5444 LSI_SCSI - ok
23:44:40.0990 5444 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
23:44:40.0990 5444 luafv - ok
23:44:41.0068 5444 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
23:44:41.0068 5444 mdmxsdk - ok
23:44:41.0084 5444 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
23:44:41.0084 5444 megasas - ok
23:44:41.0131 5444 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
23:44:41.0131 5444 MegaSR - ok
23:44:41.0224 5444 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
23:44:41.0224 5444 Modem - ok
23:44:41.0271 5444 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
23:44:41.0271 5444 monitor - ok
23:44:41.0349 5444 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
23:44:41.0349 5444 mouclass - ok
23:44:41.0365 5444 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
23:44:41.0365 5444 mouhid - ok
23:44:41.0396 5444 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
23:44:41.0396 5444 MountMgr - ok
23:44:41.0443 5444 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
23:44:41.0443 5444 mpio - ok
23:44:41.0505 5444 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
23:44:41.0505 5444 mpsdrv - ok
23:44:41.0521 5444 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
23:44:41.0521 5444 Mraid35x - ok
23:44:41.0568 5444 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
23:44:41.0568 5444 MRxDAV - ok
23:44:41.0661 5444 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:44:41.0661 5444 mrxsmb - ok
23:44:41.0708 5444 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:44:41.0724 5444 mrxsmb10 - ok
23:44:41.0739 5444 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:44:41.0739 5444 mrxsmb20 - ok
23:44:41.0786 5444 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
23:44:41.0786 5444 msahci - ok
23:44:41.0817 5444 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
23:44:41.0817 5444 msdsm - ok
23:44:41.0848 5444 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
23:44:41.0848 5444 Msfs - ok
23:44:41.0880 5444 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
23:44:41.0880 5444 msisadrv - ok
23:44:41.0958 5444 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
23:44:41.0958 5444 MSKSSRV - ok
23:44:41.0973 5444 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
23:44:41.0973 5444 MSPCLOCK - ok
23:44:41.0989 5444 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
23:44:41.0989 5444 MSPQM - ok
23:44:42.0051 5444 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
23:44:42.0051 5444 MsRPC - ok
23:44:42.0114 5444 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
23:44:42.0114 5444 mssmbios - ok
23:44:42.0129 5444 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
23:44:42.0129 5444 MSTEE - ok
23:44:42.0176 5444 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
23:44:42.0176 5444 Mup - ok
23:44:42.0254 5444 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
23:44:42.0254 5444 NativeWifiP - ok
23:44:42.0285 5444 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
23:44:42.0285 5444 NDIS - ok
23:44:42.0332 5444 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
23:44:42.0332 5444 NdisTapi - ok
23:44:42.0379 5444 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
23:44:42.0379 5444 Ndisuio - ok
23:44:42.0394 5444 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
23:44:42.0410 5444 NdisWan - ok
23:44:42.0441 5444 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
23:44:42.0441 5444 NDProxy - ok
23:44:42.0504 5444 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
23:44:42.0504 5444 NetBIOS - ok
23:44:42.0535 5444 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
23:44:42.0535 5444 netbt - ok
23:44:42.0582 5444 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
23:44:42.0582 5444 nfrd960 - ok
23:44:42.0644 5444 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
23:44:42.0644 5444 Npfs - ok
23:44:42.0660 5444 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
23:44:42.0660 5444 nsiproxy - ok
23:44:42.0722 5444 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
23:44:42.0738 5444 Ntfs - ok
23:44:42.0800 5444 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
23:44:42.0800 5444 ntrigdigi - ok
23:44:42.0831 5444 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
23:44:42.0831 5444 Null - ok
23:44:42.0894 5444 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
23:44:42.0909 5444 NVENETFD - ok
23:44:43.0174 5444 nvlddmkm (fbba09782f2fac5a57619df378ba9372) C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:44:43.0299 5444 nvlddmkm - ok
23:44:43.0393 5444 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
23:44:43.0393 5444 nvraid - ok
23:44:43.0424 5444 nvrd32 (6934105ecc6a19570160d794e301e595) C:\Windows\system32\drivers\nvrd32.sys
23:44:43.0424 5444 nvrd32 - ok
23:44:43.0455 5444 nvsmu (62754e376185eacbb73d06fea0ffc54a) C:\Windows\system32\drivers\nvsmu.sys
23:44:43.0455 5444 nvsmu - ok
23:44:43.0518 5444 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
23:44:43.0518 5444 nvstor - ok
23:44:43.0549 5444 nvstor32 (d05f6e26ac960474494356fe703d61be) C:\Windows\system32\DRIVERS\nvstor32.sys
23:44:43.0549 5444 nvstor32 - ok
23:44:43.0580 5444 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
23:44:43.0580 5444 nv_agp - ok
23:44:43.0642 5444 NwlnkFlt - ok
23:44:43.0642 5444 NwlnkFwd - ok
23:44:43.0689 5444 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
23:44:43.0689 5444 ohci1394 - ok
23:44:43.0736 5444 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
23:44:43.0736 5444 Parport - ok
23:44:43.0798 5444 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
23:44:43.0798 5444 partmgr - ok
23:44:43.0830 5444 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
23:44:43.0830 5444 Parvdm - ok
23:44:43.0861 5444 PcdrNdisuio - ok
23:44:43.0876 5444 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
23:44:43.0876 5444 pci - ok
23:44:43.0923 5444 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
23:44:43.0923 5444 pciide - ok
23:44:43.0970 5444 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
23:44:43.0970 5444 pcmcia - ok
23:44:44.0017 5444 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
23:44:44.0032 5444 PEAUTH - ok
23:44:44.0110 5444 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
23:44:44.0126 5444 PptpMiniport - ok
23:44:44.0142 5444 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
23:44:44.0142 5444 Processor - ok
23:44:44.0188 5444 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
23:44:44.0188 5444 PSched - ok
23:44:44.0282 5444 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
23:44:44.0298 5444 ql2300 - ok
23:44:44.0344 5444 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
23:44:44.0344 5444 ql40xx - ok
23:44:44.0391 5444 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
23:44:44.0407 5444 QWAVEdrv - ok
23:44:44.0407 5444 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
23:44:44.0422 5444 RasAcd - ok
23:44:44.0438 5444 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:44:44.0438 5444 Rasl2tp - ok
23:44:44.0469 5444 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
23:44:44.0485 5444 RasPppoe - ok
23:44:44.0547 5444 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
23:44:44.0547 5444 RasSstp - ok
23:44:44.0578 5444 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
23:44:44.0578 5444 rdbss - ok
23:44:44.0610 5444 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:44:44.0610 5444 RDPCDD - ok
23:44:44.0688 5444 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
23:44:44.0688 5444 rdpdr - ok
23:44:44.0703 5444 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
23:44:44.0703 5444 RDPENCDD - ok
23:44:44.0750 5444 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
23:44:44.0750 5444 RDPWD - ok
23:44:44.0797 5444 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
23:44:44.0797 5444 rspndr - ok
23:44:44.0859 5444 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
23:44:44.0859 5444 sbp2port - ok
23:44:44.0906 5444 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
23:44:44.0906 5444 secdrv - ok
23:44:44.0953 5444 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
23:44:44.0953 5444 Serenum - ok
23:44:45.0015 5444 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
23:44:45.0015 5444 Serial - ok
23:44:45.0046 5444 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
23:44:45.0046 5444 sermouse - ok
23:44:45.0109 5444 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
23:44:45.0109 5444 sffdisk - ok
23:44:45.0156 5444 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
23:44:45.0156 5444 sffp_mmc - ok
23:44:45.0187 5444 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
23:44:45.0187 5444 sffp_sd - ok
23:44:45.0218 5444 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
23:44:45.0218 5444 sfloppy - ok
23:44:45.0265 5444 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
23:44:45.0265 5444 sisagp - ok
23:44:45.0327 5444 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
23:44:45.0327 5444 SiSRaid2 - ok
23:44:45.0374 5444 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
23:44:45.0374 5444 SiSRaid4 - ok
23:44:45.0405 5444 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
23:44:45.0405 5444 Smb - ok
23:44:45.0499 5444 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
23:44:45.0499 5444 spldr - ok
23:44:45.0577 5444 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
23:44:45.0577 5444 srv - ok
23:44:45.0670 5444 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
23:44:45.0670 5444 srv2 - ok
23:44:45.0702 5444 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
23:44:45.0702 5444 srvnet - ok
23:44:45.0764 5444 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
23:44:45.0764 5444 swenum - ok
23:44:45.0811 5444 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
23:44:45.0811 5444 Symc8xx - ok
23:44:45.0842 5444 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
23:44:45.0842 5444 Sym_hi - ok
23:44:45.0858 5444 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
23:44:45.0858 5444 Sym_u3 - ok
23:44:45.0936 5444 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
23:44:45.0951 5444 Tcpip - ok
23:44:45.0998 5444 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
23:44:45.0998 5444 Tcpip6 - ok
23:44:46.0045 5444 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
23:44:46.0045 5444 tcpipreg - ok
23:44:46.0076 5444 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
23:44:46.0076 5444 TDPIPE - ok
23:44:46.0092 5444 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
23:44:46.0092 5444 TDTCP - ok
23:44:46.0154 5444 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
23:44:46.0170 5444 tdx - ok
23:44:46.0185 5444 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
23:44:46.0201 5444 TermDD - ok
23:44:46.0248 5444 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:44:46.0248 5444 tssecsrv - ok
23:44:46.0357 5444 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
23:44:46.0357 5444 TuneUpUtilitiesDrv - ok
23:44:46.0435 5444 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
23:44:46.0435 5444 tunnel - ok
23:44:46.0482 5444 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
23:44:46.0482 5444 uagp35 - ok
23:44:46.0513 5444 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
23:44:46.0528 5444 udfs - ok
23:44:46.0606 5444 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
23:44:46.0606 5444 uliagpkx - ok
23:44:46.0638 5444 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
23:44:46.0638 5444 uliahci - ok
23:44:46.0669 5444 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
23:44:46.0669 5444 UlSata - ok
23:44:46.0731 5444 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
23:44:46.0731 5444 ulsata2 - ok
23:44:46.0762 5444 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
23:44:46.0762 5444 umbus - ok
23:44:46.0809 5444 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
23:44:46.0809 5444 usbaudio - ok
23:44:46.0887 5444 usbbus (9419faac6552a51542dbba02971c841c) C:\Windows\system32\DRIVERS\lgusbbus.sys
23:44:46.0887 5444 usbbus - ok
23:44:46.0918 5444 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
23:44:46.0918 5444 usbccgp - ok
23:44:46.0950 5444 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
23:44:46.0950 5444 usbcir - ok
23:44:46.0981 5444 UsbDiag (c0a466fa4ffec464320e159bc1bbdc0c) C:\Windows\system32\DRIVERS\lgusbdiag.sys
23:44:46.0981 5444 UsbDiag - ok
23:44:47.0043 5444 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
23:44:47.0059 5444 usbehci - ok
23:44:47.0074 5444 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
23:44:47.0074 5444 usbhub - ok
23:44:47.0121 5444 USBIO (f90d8f845095fcd6924e3d751c04e442) C:\Windows\system32\Drivers\usbio.sys
23:44:47.0121 5444 USBIO - ok
23:44:47.0184 5444 USBModem (f74a54774a9b0afeb3c40adec68aa600) C:\Windows\system32\DRIVERS\lgusbmodem.sys
23:44:47.0184 5444 USBModem - ok
23:44:47.0215 5444 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
23:44:47.0230 5444 usbohci - ok
23:44:47.0246 5444 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
23:44:47.0246 5444 usbprint - ok
23:44:47.0308 5444 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
23:44:47.0324 5444 usbscan - ok
23:44:47.0340 5444 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:44:47.0340 5444 USBSTOR - ok
23:44:47.0371 5444 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
23:44:47.0371 5444 usbuhci - ok
23:44:47.0449 5444 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
23:44:47.0449 5444 vga - ok
23:44:47.0464 5444 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
23:44:47.0464 5444 VgaSave - ok
23:44:47.0496 5444 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
23:44:47.0496 5444 viaagp - ok
23:44:47.0527 5444 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
23:44:47.0527 5444 ViaC7 - ok
23:44:47.0542 5444 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
23:44:47.0542 5444 viaide - ok
23:44:47.0605 5444 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
23:44:47.0605 5444 volmgr - ok
23:44:47.0636 5444 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
23:44:47.0636 5444 volmgrx - ok
23:44:47.0667 5444 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
23:44:47.0683 5444 volsnap - ok
23:44:47.0745 5444 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
23:44:47.0761 5444 vsmraid - ok
23:44:47.0792 5444 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
23:44:47.0792 5444 WacomPen - ok
23:44:47.0808 5444 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:44:47.0808 5444 Wanarp - ok
23:44:47.0808 5444 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:44:47.0808 5444 Wanarpv6 - ok
23:44:47.0854 5444 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
23:44:47.0854 5444 Wd - ok
23:44:47.0948 5444 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
23:44:47.0948 5444 WDC_SAM - ok
23:44:47.0995 5444 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
23:44:48.0010 5444 Wdf01000 - ok
23:44:48.0088 5444 winachsf (f1265727c078406299ff4b3b033e3132) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
23:44:48.0088 5444 winachsf - ok
23:44:48.0198 5444 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
23:44:48.0198 5444 WmiAcpi - ok
23:44:48.0260 5444 WNDA3100 (7520ec4d3c37fe487fe887cac22524ed) C:\Windows\system32\DRIVERS\WNDA31v.sys
23:44:48.0260 5444 WNDA3100 - ok
23:44:48.0354 5444 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
23:44:48.0354 5444 WpdUsb - ok
23:44:48.0385 5444 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
23:44:48.0385 5444 ws2ifsl - ok
23:44:48.0416 5444 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:44:48.0432 5444 WUDFRd - ok
23:44:48.0494 5444 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
23:44:48.0494 5444 XAudio - ok
23:44:48.0525 5444 MBR (0x1B8) (81cd5ec01db0ce57edd853f82462ef27) \Device\Harddisk0\DR0
23:44:48.0681 5444 \Device\Harddisk0\DR0 - ok
23:44:48.0697 5444 Boot (0x1200) (1be2c480deb0cb3607da538bce2ca9d3) \Device\Harddisk0\DR0\Partition0
23:44:48.0697 5444 \Device\Harddisk0\DR0\Partition0 - ok
23:44:48.0697 5444 Boot (0x1200) (536c9b2d4a6f517a9b6193e27bf669e9) \Device\Harddisk0\DR0\Partition1
23:44:48.0697 5444 \Device\Harddisk0\DR0\Partition1 - ok
23:44:48.0697 5444 ============================================================
23:44:48.0697 5444 Scan finished
23:44:48.0697 5444 ============================================================
23:44:48.0712 2072 Detected object count: 0
23:44:48.0712 2072 Actual detected object count: 0
23:45:08.0120 5260 Deinitialize success
=====================================================
23:46:27.0680 2716 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
23:46:27.0727 2716 ============================================================
23:46:27.0727 2716 Current date / time: 2012/01/09 23:46:27.0727
23:46:27.0727 2716 SystemInfo:
23:46:27.0727 2716
23:46:27.0727 2716 OS Version: 6.0.6002 ServicePack: 2.0
23:46:27.0727 2716 Product type: Workstation
23:46:27.0727 2716 ComputerName: BARLOW-PC3
23:46:27.0742 2716 UserName: Lisa
23:46:27.0742 2716 Windows directory: C:\Windows
23:46:27.0742 2716 System windows directory: C:\Windows
23:46:27.0742 2716 Processor architecture: Intel x86
23:46:27.0742 2716 Number of processors: 2
23:46:27.0742 2716 Page size: 0x1000
23:46:27.0742 2716 Boot type: Normal boot
23:46:27.0742 2716 ============================================================
23:46:27.0976 2716 Initialize success
23:46:49.0972 6072 ============================================================
23:46:49.0972 6072 Scan started
23:46:49.0972 6072 Mode: Manual; SigCheck; TDLFS;
23:46:49.0972 6072 ============================================================
23:46:50.0175 6072 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
23:46:50.0409 6072 ACPI - ok
23:46:50.0534 6072 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
23:46:50.0549 6072 adp94xx - ok
23:46:50.0581 6072 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
23:46:50.0596 6072 adpahci - ok
23:46:50.0612 6072 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
23:46:50.0627 6072 adpu160m - ok
23:46:50.0690 6072 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
23:46:50.0705 6072 adpu320 - ok
23:46:50.0815 6072 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
23:46:51.0080 6072 AFD - ok
23:46:51.0173 6072 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
23:46:51.0189 6072 agp440 - ok
23:46:51.0205 6072 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
23:46:51.0220 6072 aic78xx - ok
23:46:51.0236 6072 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
23:46:51.0251 6072 aliide - ok
23:46:51.0267 6072 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
23:46:51.0283 6072 amdagp - ok
23:46:51.0298 6072 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
23:46:51.0298 6072 amdide - ok
23:46:51.0376 6072 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
23:46:51.0501 6072 AmdK7 - ok
23:46:51.0579 6072 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
23:46:51.0626 6072 AmdK8 - ok
23:46:51.0735 6072 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
23:46:51.0735 6072 arc - ok
23:46:51.0782 6072 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
23:46:51.0782 6072 arcsas - ok
23:46:51.0829 6072 aswFsBlk (054df24c92b55427e0757cfff160e4f2) C:\Windows\system32\drivers\aswFsBlk.sys
23:46:51.0860 6072 aswFsBlk - ok
23:46:51.0953 6072 aswMonFlt (258143605e77e4008f1758481d6a977d) C:\Windows\system32\drivers\aswMonFlt.sys
23:46:51.0953 6072 aswMonFlt - ok
23:46:51.0969 6072 aswRdr (352d5a48ebab35a7693b048679304831) C:\Windows\system32\drivers\aswRdr.sys
23:46:51.0985 6072 aswRdr - ok
23:46:52.0094 6072 aswSnx (8d34d2b24297e27d93e847319abfdec4) C:\Windows\system32\drivers\aswSnx.sys
23:46:52.0125 6072 aswSnx - ok
23:46:52.0156 6072 aswSP (010012597333da1f46c3243f33f8409e) C:\Windows\system32\drivers\aswSP.sys
23:46:52.0172 6072 aswSP - ok
23:46:52.0234 6072 aswTdi (f9f84364416658e9786235904d448d37) C:\Windows\system32\drivers\aswTdi.sys
23:46:52.0250 6072 aswTdi - ok
23:46:52.0281 6072 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
23:46:52.0343 6072 AsyncMac - ok
23:46:52.0406 6072 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
23:46:52.0421 6072 atapi - ok
23:46:52.0484 6072 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
23:46:52.0531 6072 Beep - ok
23:46:52.0609 6072 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
23:46:52.0655 6072 blbdrive - ok
23:46:52.0718 6072 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
23:46:52.0765 6072 bowser - ok
23:46:52.0843 6072 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
23:46:52.0967 6072 BrFiltLo - ok
23:46:53.0045 6072 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
23:46:53.0092 6072 BrFiltUp - ok
23:46:53.0123 6072 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
23:46:53.0264 6072 Brserid - ok
23:46:53.0342 6072 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
23:46:53.0404 6072 BrSerWdm - ok
23:46:53.0435 6072 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
23:46:53.0513 6072 BrUsbMdm - ok
23:46:53.0591 6072 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
23:46:53.0654 6072 BrUsbSer - ok
23:46:53.0701 6072 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
23:46:53.0763 6072 BTHMODEM - ok
23:46:53.0841 6072 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
23:46:53.0888 6072 cdfs - ok
23:46:53.0919 6072 cdrom (61d48504f34d30b13e7d9a50f855fa07) C:\Windows\system32\DRIVERS\cdrom.sys
23:46:53.0935 6072 cdrom ( UnsignedFile.Multi.Generic ) - warning
23:46:53.0935 6072 cdrom - detected UnsignedFile.Multi.Generic (1)
23:46:54.0013 6072 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
23:46:54.0075 6072 circlass - ok
23:46:54.0122 6072 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
23:46:54.0137 6072 CLFS - ok
23:46:54.0200 6072 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
23:46:54.0215 6072 cmdide - ok
23:46:54.0231 6072 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
23:46:54.0247 6072 Compbatt - ok
23:46:54.0262 6072 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
23:46:54.0262 6072 crcdisk - ok
23:46:54.0293 6072 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
23:46:54.0325 6072 Crusoe - ok
23:46:54.0387 6072 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
23:46:54.0449 6072 DfsC - ok
23:46:54.0543 6072 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
23:46:54.0559 6072 disk - ok
23:46:54.0590 6072 DNIMp50 (2782a4549cc6558c52b0753126b2a833) C:\Windows\system32\Drivers\DNIMp50.sys
23:46:54.0621 6072 DNIMp50 ( UnsignedFile.Multi.Generic ) - warning
23:46:54.0621 6072 DNIMp50 - detected UnsignedFile.Multi.Generic (1)
23:46:54.0699 6072 DNISp50 (b222622709a919c91cb54a90cf7ceefc) C:\Windows\system32\Drivers\DNISp50.sys
23:46:54.0730 6072 DNISp50 ( UnsignedFile.Multi.Generic ) - warning
23:46:54.0730 6072 DNISp50 - detected UnsignedFile.Multi.Generic (1)
23:46:54.0777 6072 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
23:46:54.0824 6072 Dot4 - ok
23:46:54.0902 6072 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
23:46:54.0949 6072 Dot4Print - ok
23:46:54.0980 6072 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
23:46:55.0011 6072 dot4usb - ok
23:46:55.0105 6072 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
23:46:55.0120 6072 drmkaud - ok
23:46:55.0183 6072 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
23:46:55.0214 6072 DXGKrnl - ok
23:46:55.0245 6072 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
23:46:55.0292 6072 E1G60 - ok
23:46:55.0370 6072 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
23:46:55.0385 6072 Ecache - ok
23:46:55.0432 6072 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
23:46:55.0448 6072 elxstor - ok
23:46:55.0479 6072 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
23:46:55.0526 6072 ErrDev - ok
23:46:55.0588 6072 EUSBMSD (3dc945a9abbfb2ecf268eed276e05fec) C:\Windows\system32\DRIVERS\EUSBMSD.SYS
23:46:55.0635 6072 EUSBMSD - ok
23:46:55.0729 6072 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
23:46:55.0775 6072 exfat - ok
23:46:55.0791 6072 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
23:46:55.0838 6072 fastfat - ok
23:46:55.0916 6072 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
23:46:55.0978 6072 fdc - ok
23:46:56.0009 6072 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
23:46:56.0009 6072 FileInfo - ok
23:46:56.0041 6072 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
23:46:56.0072 6072 Filetrace - ok
23:46:56.0150 6072 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
23:46:56.0197 6072 flpydisk - ok
23:46:56.0243 6072 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
23:46:56.0259 6072 FltMgr - ok
23:46:56.0337 6072 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
23:46:56.0384 6072 Fs_Rec - ok
23:46:56.0399 6072 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
23:46:56.0415 6072 gagp30kx - ok
23:46:56.0510 6072 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:46:56.0525 6072 GEARAspiWDM - ok
23:46:56.0650 6072 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:46:56.0697 6072 HDAudBus - ok
23:46:56.0744 6072 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
23:46:56.0806 6072 HidBth - ok
23:46:56.0868 6072 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
23:46:56.0931 6072 HidIr - ok
23:46:56.0978 6072 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
23:46:57.0024 6072 HidUsb - ok
23:46:57.0102 6072 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
23:46:57.0118 6072 HpCISSs - ok
23:46:57.0196 6072 HSF_DP (617732f6c0f86df3757b1d39211c15e5) C:\Windows\system32\DRIVERS\HSX_DP.sys
23:46:57.0274 6072 HSF_DP - ok
23:46:57.0352 6072 HSXHWBS3 (b1322e002bc4a556f83e4edde8e2f30f) C:\Windows\system32\DRIVERS\HSXHWBS3.sys
23:46:57.0383 6072 HSXHWBS3 - ok
23:46:57.0430 6072 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
23:46:57.0477 6072 HTTP - ok
23:46:57.0555 6072 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
23:46:57.0555 6072 i2omp - ok
23:46:57.0602 6072 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
23:46:57.0633 6072 i8042prt - ok
23:46:57.0726 6072 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
23:46:57.0742 6072 iaStorV - ok
23:46:57.0773 6072 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
23:46:57.0789 6072 iirsp - ok
23:46:57.0929 6072 IntcAzAudAddService (84ed2154239f9d013bbd3220755ada8b) C:\Windows\system32\drivers\RTKVHDA.sys
23:46:57.0992 6072 IntcAzAudAddService - ok
23:46:58.0070 6072 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
23:46:58.0085 6072 intelide - ok
23:46:58.0116 6072 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
23:46:58.0148 6072 intelppm - ok
23:46:58.0241 6072 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:46:58.0288 6072 IpFilterDriver - ok
23:46:58.0304 6072 IpInIp - ok
23:46:58.0319 6072 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
23:46:58.0366 6072 IPMIDRV - ok
23:46:58.0397 6072 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
23:46:58.0444 6072 IPNAT - ok
23:46:58.0522 6072 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
23:46:58.0553 6072 IRENUM - ok
23:46:58.0569 6072 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
23:46:58.0584 6072 isapnp - ok
23:46:58.0616 6072 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
23:46:58.0631 6072 iScsiPrt - ok
23:46:58.0647 6072 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
23:46:58.0647 6072 iteatapi - ok
23:46:58.0725 6072 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
23:46:58.0740 6072 iteraid - ok
23:46:58.0772 6072 jswpslwf (7e72514a3a1c5a9f3bff0660b3866c2b) C:\Windows\system32\DRIVERS\jswpslwf.sys
23:46:58.0818 6072 jswpslwf - ok
23:46:58.0896 6072 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
23:46:58.0896 6072 kbdclass - ok
23:46:58.0959 6072 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
23:46:59.0006 6072 kbdhid - ok
23:46:59.0099 6072 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
23:46:59.0130 6072 KSecDD - ok
23:46:59.0177 6072 Lavasoft Kernexplorer - ok
23:46:59.0255 6072 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\Windows\system32\DRIVERS\Lbd.sys
23:46:59.0271 6072 Lbd - ok
23:46:59.0318 6072 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
23:46:59.0349 6072 lltdio - ok
23:46:59.0396 6072 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
23:46:59.0411 6072 LSI_FC - ok
23:46:59.0489 6072 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
23:46:59.0489 6072 LSI_SAS - ok
23:46:59.0536 6072 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
23:46:59.0552 6072 LSI_SCSI - ok
23:46:59.0567 6072 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
23:46:59.0598 6072 luafv - ok
23:46:59.0661 6072 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
23:46:59.0708 6072 mdmxsdk - ok
23:46:59.0754 6072 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
23:46:59.0770 6072 megasas - ok
23:46:59.0848 6072 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
23:46:59.0864 6072 MegaSR - ok
23:46:59.0942 6072 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
23:46:59.0957 6072 Modem - ok
23:47:00.0051 6072 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
23:47:00.0082 6072 monitor - ok
23:47:00.0113 6072 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
23:47:00.0129 6072 mouclass - ok
23:47:00.0176 6072 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
23:47:00.0222 6072 mouhid - ok
23:47:00.0238 6072 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
23:47:00.0254 6072 MountMgr - ok
23:47:00.0300 6072 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
23:47:00.0316 6072 mpio - ok
23:47:00.0363 6072 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
23:47:00.0410 6072 mpsdrv - ok
23:47:00.0441 6072 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
23:47:00.0456 6072 Mraid35x - ok
23:47:00.0488 6072 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
23:47:00.0534 6072 MRxDAV - ok
23:47:00.0644 6072 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:47:00.0690 6072 mrxsmb - ok
23:47:00.0737 6072 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:47:00.0768 6072 mrxsmb10 - ok
23:47:00.0893 6072 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:47:00.0909 6072 mrxsmb20 - ok
23:47:00.0956 6072 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
23:47:00.0956 6072 msahci - ok
23:47:01.0034 6072 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
23:47:01.0049 6072 msdsm - ok
23:47:01.0080 6072 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
23:47:01.0112 6072 Msfs - ok
23:47:01.0158 6072 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
23:47:01.0174 6072 msisadrv - ok
23:47:01.0252 6072 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
23:47:01.0299 6072 MSKSSRV - ok
23:47:01.0330 6072 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
23:47:01.0361 6072 MSPCLOCK - ok
23:47:01.0377 6072 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
23:47:01.0392 6072 MSPQM - ok
23:47:01.0439 6072 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
23:47:01.0455 6072 MsRPC - ok
23:47:01.0517 6072 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
23:47:01.0533 6072 mssmbios - ok
23:47:01.0548 6072 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
23:47:01.0580 6072 MSTEE - ok
23:47:01.0642 6072 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
23:47:01.0658 6072 Mup - ok
23:47:01.0736 6072 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
23:47:01.0767 6072 NativeWifiP - ok
23:47:01.0814 6072 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
23:47:01.0860 6072 NDIS - ok
23:47:01.0954 6072 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
23:47:01.0985 6072 NdisTapi - ok
23:47:02.0032 6072 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
23:47:02.0063 6072 Ndisuio - ok
23:47:02.0141 6072 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
23:47:02.0188 6072 NdisWan - ok
23:47:02.0219 6072 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
23:47:02.0250 6072 NDProxy - ok
23:47:02.0328 6072 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
23:47:02.0375 6072 NetBIOS - ok
23:47:02.0406 6072 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
23:47:02.0453 6072 netbt - ok
23:47:02.0531 6072 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
23:47:02.0532 6072 nfrd960 - ok
23:47:02.0563 6072 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
23:47:02.0610 6072 Npfs - ok
23:47:02.0641 6072 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
23:47:02.0688 6072 nsiproxy - ok
23:47:02.0782 6072 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
23:47:02.0829 6072 Ntfs - ok
23:47:02.0860 6072 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
23:47:02.0907 6072 ntrigdigi - ok
23:47:02.0953 6072 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
23:47:03.0000 6072 Null - ok
23:47:03.0063 6072 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
23:47:03.0109 6072 NVENETFD - ok
23:47:03.0359 6072 nvlddmkm (fbba09782f2fac5a57619df378ba9372) C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:47:03.0749 6072 nvlddmkm - ok
23:47:03.0827 6072 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
23:47:03.0827 6072 nvraid - ok
23:47:03.0858 6072 nvrd32 (6934105ecc6a19570160d794e301e595) C:\Windows\system32\drivers\nvrd32.sys
23:47:03.0874 6072 nvrd32 - ok
23:47:03.0905 6072 nvsmu (62754e376185eacbb73d06fea0ffc54a) C:\Windows\system32\drivers\nvsmu.sys
23:47:03.0936 6072 nvsmu - ok
23:47:04.0014 6072 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
23:47:04.0014 6072 nvstor - ok
23:47:04.0045 6072 nvstor32 (d05f6e26ac960474494356fe703d61be) C:\Windows\system32\DRIVERS\nvstor32.sys
23:47:04.0061 6072 nvstor32 - ok
23:47:04.0092 6072 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
23:47:04.0108 6072 nv_agp - ok
23:47:04.0155 6072 NwlnkFlt - ok
23:47:04.0170 6072 NwlnkFwd - ok
23:47:04.0201 6072 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
23:47:04.0264 6072 ohci1394 - ok
23:47:04.0342 6072 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
23:47:04.0389 6072 Parport - ok
23:47:04.0420 6072 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
23:47:04.0435 6072 partmgr - ok
23:47:04.0467 6072 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
23:47:04.0513 6072 Parvdm - ok
23:47:04.0560 6072 PcdrNdisuio - ok
23:47:04.0591 6072 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
23:47:04.0607 6072 pci - ok
23:47:04.0654 6072 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
23:47:04.0654 6072 pciide - ok
23:47:04.0685 6072 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
23:47:04.0701 6072 pcmcia - ok
23:47:04.0763 6072 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
23:47:04.0857 6072 PEAUTH - ok
23:47:04.0966 6072 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
23:47:05.0013 6072 PptpMiniport - ok
23:47:05.0059 6072 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
23:47:05.0106 6072 Processor - ok
23:47:05.0169 6072 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
23:47:05.0200 6072 PSched - ok
23:47:05.0309 6072 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
23:47:05.0340 6072 ql2300 - ok
23:47:05.0387 6072 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
23:47:05.0403 6072 ql40xx - ok
23:47:05.0465 6072 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
23:47:05.0512 6072 QWAVEdrv - ok
23:47:05.0543 6072 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
23:47:05.0590 6072 RasAcd - ok
23:47:05.0668 6072 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:47:05.0715 6072 Rasl2tp - ok
23:47:05.0777 6072 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
23:47:05.0824 6072 RasPppoe - ok
23:47:05.0886 6072 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
23:47:05.0902 6072 RasSstp - ok
23:47:05.0964 6072 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
23:47:06.0011 6072 rdbss - ok
23:47:06.0058 6072 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:47:06.0105 6072 RDPCDD - ok
23:47:06.0167 6072 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
23:47:06.0198 6072 rdpdr - ok
23:47:06.0261 6072 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
23:47:06.0307 6072 RDPENCDD - ok
23:47:06.0339 6072 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
23:47:06.0370 6072 RDPWD - ok
23:47:06.0417 6072 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
23:47:06.0448 6072 rspndr - ok
23:47:06.0510 6072 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
23:47:06.0526 6072 sbp2port - ok
23:47:06.0573 6072 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
23:47:06.0635 6072 secdrv - ok
23:47:06.0682 6072 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
23:47:06.0729 6072 Serenum - ok
23:47:06.0791 6072 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
23:47:06.0853 6072 Serial - ok
23:47:06.0900 6072 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
23:47:06.0916 6072 sermouse - ok
23:47:07.0009 6072 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
23:47:07.0041 6072 sffdisk - ok
23:47:07.0087 6072 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
23:47:07.0119 6072 sffp_mmc - ok
23:47:07.0165 6072 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
23:47:07.0197 6072 sffp_sd - ok
23:47:07.0228 6072 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
23:47:07.0275 6072 sfloppy - ok
23:47:07.0337 6072 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
23:47:07.0337 6072 sisagp - ok
23:47:07.0399 6072 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
23:47:07.0415 6072 SiSRaid2 - ok
23:47:07.0446 6072 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
23:47:07.0462 6072 SiSRaid4 - ok
23:47:07.0509 6072 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
23:47:07.0555 6072 Smb - ok
23:47:07.0633 6072 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
23:47:07.0649 6072 spldr - ok
23:47:07.0727 6072 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
23:47:07.0758 6072 srv - ok
23:47:07.0852 6072 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
23:47:07.0899 6072 srv2 - ok
23:47:07.0945 6072 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
23:47:07.0977 6072 srvnet - ok
23:47:08.0055 6072 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
23:47:08.0055 6072 swenum - ok
23:47:08.0101 6072 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
23:47:08.0101 6072 Symc8xx - ok
23:47:08.0133 6072 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
23:47:08.0133 6072 Sym_hi - ok
23:47:08.0195 6072 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
23:47:08.0211 6072 Sym_u3 - ok
23:47:08.0273 6072 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
23:47:08.0320 6072 Tcpip - ok
23:47:08.0382 6072 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
23:47:08.0413 6072 Tcpip6 - ok
23:47:08.0445 6072 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
23:47:08.0507 6072 tcpipreg - ok
23:47:08.0585 6072 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
23:47:08.0616 6072 TDPIPE - ok
23:47:08.0647 6072 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
23:47:08.0679 6072 TDTCP - ok
23:47:08.0757 6072 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
23:47:08.0803 6072 tdx - ok
23:47:08.0835 6072 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
23:47:08.0850 6072 TermDD - ok
23:47:08.0897 6072 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:47:08.0944 6072 tssecsrv - ok
23:47:09.0053 6072 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
23:47:09.0069 6072 TuneUpUtilitiesDrv - ok
23:47:09.0147 6072 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
23:47:09.0162 6072 tunnel - ok
23:47:09.0209 6072 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
23:47:09.0225 6072 uagp35 - ok
23:47:09.0256 6072 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
23:47:09.0303 6072 udfs - ok
23:47:09.0396 6072 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
23:47:09.0412 6072 uliagpkx - ok
23:47:09.0427 6072 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
23:47:09.0443 6072 uliahci - ok
23:47:09.0474 6072 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
23:47:09.0474 6072 UlSata - ok
23:47:09.0505 6072 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
23:47:09.0505 6072 ulsata2 - ok
23:47:09.0583 6072 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
23:47:09.0615 6072 umbus - ok
23:47:09.0661 6072 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
23:47:09.0708 6072 usbaudio - ok
23:47:09.0786 6072 usbbus (9419faac6552a51542dbba02971c841c) C:\Windows\system32\DRIVERS\lgusbbus.sys
23:47:09.0817 6072 usbbus - ok
23:47:09.0849 6072 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
23:47:09.0895 6072 usbccgp - ok
23:47:09.0973 6072 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
23:47:10.0036 6072 usbcir - ok
23:47:10.0067 6072 UsbDiag (c0a466fa4ffec464320e159bc1bbdc0c) C:\Windows\system32\DRIVERS\lgusbdiag.sys
23:47:10.0067 6072 UsbDiag - ok
23:47:10.0129 6072 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
23:47:10.0145 6072 usbehci - ok
23:47:10.0176 6072 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
23:47:10.0223 6072 usbhub - ok
23:47:10.0285 6072 USBIO (f90d8f845095fcd6924e3d751c04e442) C:\Windows\system32\Drivers\usbio.sys
23:47:10.0301 6072 USBIO ( UnsignedFile.Multi.Generic ) - warning
23:47:10.0301 6072 USBIO - detected UnsignedFile.Multi.Generic (1)
23:47:10.0379 6072 USBModem (f74a54774a9b0afeb3c40adec68aa600) C:\Windows\system32\DRIVERS\lgusbmodem.sys
23:47:10.0410 6072 USBModem - ok
23:47:10.0441 6072 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
23:47:10.0473 6072 usbohci - ok
23:47:10.0488 6072 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
23:47:10.0519 6072 usbprint - ok
23:47:10.0566 6072 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
23:47:10.0582 6072 usbscan - ok
23:47:10.0613 6072 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:47:10.0644 6072 USBSTOR - ok
23:47:10.0707 6072 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
23:47:10.0738 6072 usbuhci - ok
23:47:10.0816 6072 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
23:47:10.0863 6072 vga - ok
23:47:10.0894 6072 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
23:47:10.0925 6072 VgaSave - ok
23:47:10.0956 6072 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
23:47:10.0956 6072 viaagp - ok
23:47:11.0003 6072 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
23:47:11.0034 6072 ViaC7 - ok
23:47:11.0065 6072 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
23:47:11.0065 6072 viaide - ok
23:47:11.0112 6072 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
23:47:11.0112 6072 volmgr - ok
23:47:11.0143 6072 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
23:47:11.0159 6072 volmgrx - ok
23:47:11.0221 6072 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
23:47:11.0237 6072 volsnap - ok
23:47:11.0299 6072 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
23:47:11.0299 6072 vsmraid - ok
23:47:11.0362 6072 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
23:47:11.0424 6072 WacomPen - ok
23:47:11.0487 6072 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:47:11.0502 6072 Wanarp - ok
23:47:11.0502 6072 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:47:11.0533 6072 Wanarpv6 - ok
23:47:11.0580 6072 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
23:47:11.0596 6072 Wd - ok
23:47:11.0658 6072 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys
23:47:11.0721 6072 WDC_SAM - ok
23:47:11.0799 6072 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
23:47:11.0814 6072 Wdf01000 - ok
23:47:11.0923 6072 winachsf (f1265727c078406299ff4b3b033e3132) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
23:47:12.0001 6072 winachsf - ok
23:47:12.0126 6072 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
23:47:12.0142 6072 WmiAcpi - ok
23:47:12.0204 6072 WNDA3100 (7520ec4d3c37fe487fe887cac22524ed) C:\Windows\system32\DRIVERS\WNDA31v.sys
23:47:12.0282 6072 WNDA3100 - ok
23:47:12.0345 6072 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
23:47:12.0407 6072 WpdUsb - ok
23:47:12.0438 6072 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
23:47:12.0469 6072 ws2ifsl - ok
23:47:12.0516 6072 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:47:12.0563 6072 WUDFRd - ok
23:47:12.0610 6072 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
23:47:12.0641 6072 XAudio - ok
23:47:12.0688 6072 MBR (0x1B8) (81cd5ec01db0ce57edd853f82462ef27) \Device\Harddisk0\DR0
23:47:12.0891 6072 \Device\Harddisk0\DR0 - ok
23:47:12.0906 6072 Boot (0x1200) (1be2c480deb0cb3607da538bce2ca9d3) \Device\Harddisk0\DR0\Partition0
23:47:12.0906 6072 \Device\Harddisk0\DR0\Partition0 - ok
23:47:12.0906 6072 Boot (0x1200) (536c9b2d4a6f517a9b6193e27bf669e9) \Device\Harddisk0\DR0\Partition1
23:47:12.0906 6072 \Device\Harddisk0\DR0\Partition1 - ok
23:47:12.0906 6072 ============================================================
23:47:12.0906 6072 Scan finished
23:47:12.0906 6072 ============================================================
23:47:12.0922 6132 Detected object count: 4
23:47:12.0922 6132 Actual detected object count: 4
23:48:04.0901 6132 cdrom ( UnsignedFile.Multi.Generic ) - skipped by user
23:48:04.0901 6132 cdrom ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:48:04.0995 6132 C:\Windows\system32\Drivers\DNIMp50.sys - copied to quarantine
23:48:04.0995 6132 DNIMp50 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
23:48:05.0026 6132 C:\Windows\system32\Drivers\DNISp50.sys - copied to quarantine
23:48:05.0026 6132 DNISp50 ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
23:48:05.0057 6132 C:\Windows\system32\Drivers\usbio.sys - copied to quarantine
23:48:05.0057 6132 USBIO ( UnsignedFile.Multi.Generic ) - User select action: Quarantine
23:48:11.0016 0764 Deinitialize success

Attached Thumbnails

  • diskmgmt scrnshotUntitled.jpg

  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi could you post the full OTL log please
  • 0

#3
lfb8769

lfb8769

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Sorry about that, I thought I had copied it all. :cool:

OTL logfile created on: 1/10/2012 12:23:56 AM - Run 4
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Lisa\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.76 Mb Total Physical Memory | 188.39 Mb Available Physical Memory | 21.08% Memory free
2.01 Gb Paging File | 1.23 Gb Available in Paging File | 61.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.91 Gb Total Space | 100.39 Gb Free Space | 45.24% Space Free | Partition Type: NTFS
Drive D: | 10.97 Gb Total Space | 1.51 Gb Free Space | 13.77% Space Free | Partition Type: NTFS

Computer Name: BARLOW-PC3 | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/09 23:17:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.exe
PRC - [2011/11/28 10:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/11/28 10:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/06/09 05:44:11 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/01 05:54:46 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe
PRC - [2011/02/01 05:54:42 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe
PRC - [2011/02/01 05:54:30 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtcmd.exe
PRC - [2011/01/10 11:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\ServicepointService.exe
PRC - [2011/01/10 11:56:32 | 004,318,520 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
PRC - [2011/01/10 11:56:32 | 000,488,760 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
PRC - [2010/01/21 15:24:08 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/09/29 08:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/01 20:00:00 | 001,716,224 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WNDA3100\WNDA3100.exe
PRC - [2007/04/18 07:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/13 05:38:38 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/13 05:36:38 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/13 05:33:52 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/03/02 11:40:51 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2011/01/10 11:47:40 | 000,158,208 | ---- | M] () -- C:\Program Files\Verizon\VSP\Windows7Features.dll
MOD - [2009/04/10 22:28:22 | 000,223,232 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/13 14:31:19 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2011/11/28 10:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/06/06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/31 16:39:14 | 001,052,480 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/05/31 16:36:00 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/02/01 05:54:46 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
SRV - [2011/02/01 05:54:42 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
SRV - [2011/01/10 11:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Verizon\VSP\ServicepointService.exe -- (ServicepointService)
SRV - [2010/10/12 09:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/01/21 15:24:08 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/09/29 08:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/06/16 07:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/02/29 01:07:18 | 000,942,080 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WNDA3100\jswpsapi.exe -- (jswpsapi)


========== Driver Services (SafeList) ==========

DRV - [2011/11/28 09:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 09:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 09:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 09:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 09:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 09:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/12/03 01:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/02/24 14:41:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/04/10 20:39:17 | 000,067,072 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\cdrom.sys -- (cdrom)
DRV - [2008/11/11 12:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 12:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 12:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/09/29 19:20:40 | 000,449,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WNDA31v.sys -- (WNDA3100)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/06/06 11:13:40 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/06/06 11:13:10 | 000,145,440 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2008/05/22 06:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/22 01:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/05/06 15:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/02/12 07:27:34 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS3.sys -- (HSXHWBS3)
DRV - [2008/02/12 07:25:22 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/08/31 15:43:32 | 000,020,352 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2006/11/16 13:36:28 | 000,020,480 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DNISP50.sys -- (DNISp50)
DRV - [2006/11/16 13:36:18 | 000,021,504 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DNIMP50.sys -- (DNIMp50)
DRV - [2001/08/27 13:29:26 | 000,050,528 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUSBMSD.SYS -- (EUSBMSD)
DRV - [2001/05/07 02:56:02 | 000,019,805 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbio.sys -- (USBIO) USBIO Driver (usbio.sys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...resario&pf=cndt
IE - HKLM\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://swagbucks.com...agbucks&p=1&b=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://home.verizon.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: [email protected]:6.0.1289
FF - prefs.js..extensions.enabledItems: {B3834E60-12A8-11E0-A289-939FDFD72085}:1.0.4
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Verizon\VSP\nprpspa.dll (Verizon)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\9\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Lisa\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/12/20 08:50:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/21 08:43:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/19 07:05:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/19 07:05:11 | 000,000,000 | ---D | M]

[2011/04/01 20:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Extensions
[2011/10/18 13:17:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\zgmqu1hr.default\extensions
[2011/06/08 22:52:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\zgmqu1hr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/17 14:42:32 | 000,000,000 | ---D | M] (Search Assistant) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\zgmqu1hr.default\extensions\{B3834E60-12A8-11E0-A289-939FDFD72085}
[2011/10/18 13:17:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/26 22:59:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/12/20 08:50:05 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2011/11/21 08:43:04 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/03/18 10:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/26 22:57:29 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 10:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U25 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Verizon Servicepoint (Enabled) = C:\Program Files\Verizon\VSP\nprpspa.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\8\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Lisa\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: X-notifier (Gmail, Hotmail, Yahoo, AOL ...) = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apebebenniibdlpbookhgelaghfnaonp\0.8.8_0\
CHR - Extension: YouTube = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Call of Duty Black Ops Theme 1920 = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccadhmappilfjgggoaaokglnncdjanpa\2.0_0\
CHR - Extension: Google Search = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: avast! WebRep = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: ShopAtHome.com extension = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp\6.0.0.1_1\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: DealScout = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpmfjcpampmdgkjfjbjfloolnfojlogf\1.0.31.0_0\
CHR - Extension: Gmail = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DPService] C:\Program Files\HP\DVDPlay\DPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKCU..\Run: [LightShot] C:\Users\Lisa\AppData\Local\Skillbrains\lightshot\LightShot.exe ()
O4 - Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ePrompter.lnk = C:\Program Files\ePrompter\ePrompter.exe (Tiburon Technology, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6781558B-A70D-49F2-8928-1E06EC79599C}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Lisa\Pictures\2011-02-19 presidential trip\presidential trip 844.JPG
O24 - Desktop BackupWallPaper: C:\Users\Lisa\Pictures\2011-02-19 presidential trip\presidential trip 844.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/28 02:11:22 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/06/09 14:23:44 | 000,000,000 | ---D | M] - C:\Autoruns2 -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/09 23:48:04 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/01/09 23:23:58 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Lisa\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/09 23:21:51 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\Lisa\Desktop\aswMBR.exe
[2012/01/09 23:20:36 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Lisa\Desktop\tdsskiller.exe
[2012/01/09 23:17:13 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.exe
[2012/01/02 09:42:52 | 000,000,000 | ---D | C] -- C:\e0515cfe35a4e3b8f8
[2011/12/14 02:31:06 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/14 02:31:03 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/12/14 02:31:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/14 02:31:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/14 02:31:01 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/14 02:30:56 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/13 22:53:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avery Dennison
[2011/12/13 22:51:29 | 000,000,000 | ---D | C] -- C:\Program Files\Avery Dennison
[2011/12/13 22:51:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Avery
[2011/12/13 16:39:46 | 000,000,000 | --SD | C] -- C:\Users\Lisa\Documents\My Data Sources
[2011/12/13 14:31:48 | 000,030,528 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2011/12/13 14:31:33 | 000,030,016 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2011/12/13 14:31:32 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2011/12/13 14:30:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities
[2011/12/13 14:29:42 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\TuneUp Software
[2011/12/13 14:28:39 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2010
[2011/12/13 14:26:26 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2011/12/13 14:26:09 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2011/12/13 13:29:56 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/13 13:29:55 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/13 13:29:30 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/13 13:29:17 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/13 13:29:07 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/13 13:28:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[1 C:\Users\Lisa\Documents\*.tmp files -> C:\Users\Lisa\Documents\*.tmp -> ]
[1 C:\Users\Lisa\AppData\Local\*.tmp files -> C:\Users\Lisa\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/10 00:40:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/10 00:20:34 | 000,008,298 | ---- | M] () -- C:\Windows\ePrompter.ini
[2012/01/10 00:20:27 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/10 00:18:56 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/10 00:18:56 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/10 00:18:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/10 00:18:02 | 937,881,600 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/10 00:14:17 | 000,000,512 | ---- | M] () -- C:\Users\Lisa\Desktop\MBR.dat
[2012/01/09 23:42:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-3119167115-2967841087-1575142368-1000.job
[2012/01/09 23:27:08 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\update-sys.job
[2012/01/09 23:24:51 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Lisa\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/09 23:22:17 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\Lisa\Desktop\aswMBR.exe
[2012/01/09 23:20:50 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Lisa\Desktop\tdsskiller.exe
[2012/01/09 23:17:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.exe
[2012/01/09 08:09:06 | 000,000,435 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012/01/08 17:17:13 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLisa.job
[2012/01/07 20:42:41 | 000,607,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/07 20:42:41 | 000,104,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/04 23:47:28 | 168,775,529 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/04 22:18:10 | 000,052,912 | ---- | M] () -- C:\Users\Lisa\Documents\hannaTranscript good.pdf
[2012/01/04 22:14:37 | 000,052,932 | ---- | M] () -- C:\Users\Lisa\Documents\hannaTranscript.pdf
[2012/01/02 17:03:29 | 000,007,017 | ---- | M] () -- C:\Users\Lisa\Documents\LCEHC preorder Menu 2011 12.ods
[2011/12/29 17:45:18 | 000,321,055 | ---- | M] () -- C:\Users\Lisa\Desktop\Minecraft Free.rar
[2011/12/28 15:43:08 | 000,001,007 | ---- | M] () -- C:\Users\Lisa\AppData\Local\UserProducts.xml
[2011/12/20 08:50:05 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/12/14 09:49:08 | 000,572,368 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/13 14:31:03 | 000,001,819 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2011/12/13 14:31:03 | 000,001,817 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[1 C:\Users\Lisa\Documents\*.tmp files -> C:\Users\Lisa\Documents\*.tmp -> ]
[1 C:\Users\Lisa\AppData\Local\*.tmp files -> C:\Users\Lisa\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/10 00:14:17 | 000,000,512 | ---- | C] () -- C:\Users\Lisa\Desktop\MBR.dat
[2012/01/07 15:40:28 | 000,321,055 | ---- | C] () -- C:\Users\Lisa\Desktop\Minecraft Free.rar
[2012/01/04 23:47:28 | 168,775,529 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/01/04 22:18:09 | 000,052,912 | ---- | C] () -- C:\Users\Lisa\Documents\hannaTranscript good.pdf
[2012/01/04 22:14:37 | 000,052,932 | ---- | C] () -- C:\Users\Lisa\Documents\hannaTranscript.pdf
[2012/01/02 17:03:17 | 000,007,017 | ---- | C] () -- C:\Users\Lisa\Documents\LCEHC preorder Menu 2011 12.ods
[2011/12/13 14:31:03 | 000,001,819 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Click Maintenance.lnk
[2011/12/13 14:31:03 | 000,001,817 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2011/12/13 14:30:58 | 000,001,829 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities.lnk
[2011/08/31 06:55:51 | 000,001,007 | ---- | C] () -- C:\Users\Lisa\AppData\Local\UserProducts.xml
[2011/06/22 15:40:31 | 000,000,000 | ---- | C] () -- C:\Users\Lisa\AppData\Local\{818AF828-5C55-4AB6-8A84-DAB7968A264C}
[2011/06/11 20:00:29 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/05/18 07:45:33 | 000,008,298 | ---- | C] () -- C:\Windows\ePrompter.ini
[2011/04/01 20:25:29 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/01/13 02:19:03 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/12/19 16:08:27 | 000,000,035 | ---- | C] () -- C:\Windows\WorldBuilder.INI
[2010/12/14 22:09:46 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010/12/05 12:36:44 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/12/05 12:36:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/12/05 12:36:44 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2010/12/05 12:36:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/12/05 12:36:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/11/26 11:29:23 | 000,000,019 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/08/28 11:46:00 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/06/08 09:11:28 | 001,757,048 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2010/04/10 21:22:59 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2009/12/01 15:21:35 | 000,148,316 | ---- | C] () -- C:\Windows\hpwins05.dat
[2009/12/01 15:21:03 | 000,016,059 | ---- | C] () -- C:\Windows\hpwscr05.dat
[2009/12/01 15:21:03 | 000,004,785 | ---- | C] () -- C:\Windows\hpwmdl05.dat
[2009/11/29 03:12:00 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/09/28 17:43:10 | 000,000,218 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009/09/28 17:42:14 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009/09/28 17:42:14 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009/09/28 17:42:14 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009/09/10 22:14:11 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/10 22:14:10 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/10 22:12:39 | 000,067,072 | ---- | C] () -- C:\Windows\System32\drivers\cdrom.sys
[2009/08/19 09:12:27 | 000,000,552 | ---- | C] () -- C:\Users\Lisa\AppData\Local\d3d8caps.dat
[2009/08/17 16:46:36 | 000,000,091 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2009/08/16 17:54:22 | 000,043,520 | ---- | C] () -- C:\Users\Lisa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/25 08:50:23 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2009/07/22 14:59:04 | 000,000,981 | ---- | C] () -- C:\Windows\eReg.dat
[2009/07/16 16:00:47 | 000,000,774 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\wklnhst.dat
[2009/07/13 08:53:00 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/07/13 08:52:59 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009/07/13 08:52:59 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009/07/13 08:52:59 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009/07/13 08:52:59 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009/07/13 08:52:59 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009/07/13 08:52:59 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009/07/13 08:52:59 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009/07/13 08:52:59 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009/07/13 08:52:59 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009/07/13 08:52:59 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009/07/13 08:52:59 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009/07/13 08:52:59 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009/07/13 08:52:59 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009/07/13 08:52:59 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009/07/13 08:52:59 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009/07/13 08:50:44 | 000,000,071 | ---- | C] () -- C:\Windows\EPNX110.ini
[2009/06/30 12:00:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/06/30 10:16:55 | 000,007,728 | ---- | C] () -- C:\Users\Lisa\AppData\Local\d3d9caps.dat
[2008/12/18 21:41:18 | 000,286,208 | ---- | C] () -- C:\Windows\System32\cncs232.dll
[2008/12/18 21:41:18 | 000,001,113 | ---- | C] () -- C:\Windows\Treble.ini
[2008/12/18 21:41:18 | 000,000,902 | ---- | C] () -- C:\Windows\Bass.ini
[2008/08/28 02:12:43 | 000,107,357 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/08/28 01:45:12 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/08/28 01:45:12 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2006/11/02 04:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:44:53 | 000,572,368 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 02:33:01 | 000,607,168 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,104,808 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Lisa\Documents\RascalFlattsMyWish.mp3:TOC.WMV

< End of report >
  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there are a few elements to remove but I would like you to run combofix one more time please - allowing it to update

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    ipconfig /flushdns /c
    C:\Windows\system32\jureg.exe

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Re- run combofix and post the log please

Re-run OTL with the following script please


  • Open OTL.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\afd /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ipsec /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    C:\Windows\assembly\tmp\U\*.* /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • There will be just one log

  • 0

#5
lfb8769

lfb8769

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
ComboFix 12-01-13.05 - Lisa 01/14/2012 14:00:44.3.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.894.280 [GMT -8:00]
Running from: c:\users\Lisa\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\default\us_sres.data
c:\program files\%APPDATA%
c:\program files\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
c:\program files\DealScout
c:\program files\DealScout\dealscout.crx
c:\program files\DealScout\installer.ico
c:\program files\DealScout\uninstall.exe
c:\users\Lisa\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
c:\users\Lisa\Documents\~WRL0003.tmp
c:\users\Lisa\GoToAssistDownloadHelper.exe
c:\windows\$NtUninstallKB59470$
c:\windows\$NtUninstallKB59470$\2566943054\cfg.ini
.
c:\windows\system32\drivers\cdrom.sys was missing
Restored copy from - c:\windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys
.
.
((((((((((((((((((((((((( Files Created from 2011-12-14 to 2012-01-14 )))))))))))))))))))))))))))))))
.
.
2012-01-14 22:22 . 2012-01-14 22:27 -------- d-----w- c:\users\Lisa\AppData\Local\temp
2012-01-14 22:22 . 2012-01-14 22:22 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-01-14 22:22 . 2012-01-14 22:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-01-14 22:22 . 2012-01-14 22:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-14 22:22 . 2009-04-11 04:39 67072 ----a-w- c:\windows\system32\drivers\cdrom.sys
2012-01-13 16:29 . 2012-01-13 16:29 -------- d-----w- c:\users\Lisa\AppData\Roaming\Avery
2012-01-11 02:06 . 2011-12-10 23:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-10 23:36 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll
2012-01-10 23:36 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll
2012-01-10 23:36 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll
2012-01-10 23:36 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll
2012-01-10 23:36 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-01-10 23:35 . 2011-12-01 15:21 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-01-10 23:35 . 2011-10-25 15:58 1314816 ----a-w- c:\windows\system32\quartz.dll
2012-01-10 23:35 . 2011-10-25 15:58 497152 ----a-w- c:\windows\system32\qdvd.dll
2012-01-10 07:48 . 2012-01-10 07:48 -------- d-----w- C:\TDSSKiller_Quarantine
2012-01-02 17:42 . 2012-01-02 17:43 -------- d-----w- C:\e0515cfe35a4e3b8f8
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 18:01 . 2010-07-28 15:19 41184 ----a-w- c:\windows\avastSS.scr
2011-11-28 18:01 . 2009-08-29 03:04 199816 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-28 17:53 . 2011-04-05 05:03 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-11-28 17:53 . 2009-08-29 03:04 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-11-28 17:52 . 2009-08-29 03:04 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-11-28 17:52 . 2009-08-29 03:04 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-11-28 17:52 . 2009-08-29 03:04 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-11-28 17:51 . 2009-08-29 03:04 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-11-23 13:37 . 2011-12-13 21:29 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-21 10:47 . 2012-01-06 23:17 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9F604A5C-86A8-4EFF-A475-4E4732DD8DD4}\mpengine.dll
2011-11-08 14:42 . 2011-12-13 21:28 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-03 22:47 . 2011-12-14 10:31 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40 . 2011-12-14 10:30 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 10:31 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31 . 2011-12-14 10:31 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-31 13:52 . 2011-10-31 13:52 0 ---ha-w- c:\users\Lisa\AppData\Local\BITBCCF.tmp
2011-10-27 08:01 . 2011-12-13 21:29 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-27 08:01 . 2011-12-13 21:29 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-25 15:56 . 2011-12-13 21:29 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-19 15:08 . 2011-07-24 20:49 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll" [2011-03-16 214840]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files\Swag_Bucks\prxtbSwa0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}]
[HKEY_CLASSES_ROOT\YTNavAssist.YTNavAssistPlugin]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Swag_Bucks\prxtbSwa0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}"= "c:\program files\Swag_Bucks\prxtbSwa0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94}"= "c:\program files\Swag_Bucks\prxtbSwa0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightShot"="c:\users\Lisa\AppData\Local\Skillbrains\lightshot\LightShot.exe" [2011-05-27 195072]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704]
"DPService"="c:\program files\HP\DVDPlay\DPService.exe" [2008-06-12 90112]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"VERIZONDM"="c:\program files\VERIZONDM\bin\sprtcmd.exe" [2011-02-01 206120]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2011-01-10 4318520]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-11-28 3744552]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-06-09 273544]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-12-25 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNDA3100 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3100\WNDA3100.exe [2008-4-1 1716224]
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-1-21 2057536]
WDSmartWare.lnk - c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-1-21 9136960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ServicepointService]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PictureMover.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PictureMover.lnk
backup=c:\windows\pss\PictureMover.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Lisa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2009-08-18 01:12 1838592 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2008-06-02 22:14 75008 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 21:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" -delete
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" -osboot
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-11 06:27]
.
2012-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-11 06:27]
.
2012-01-09 c:\windows\Tasks\HPCeeScheduleForLisa.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2008-08-28 03:03]
.
2012-01-14 c:\windows\Tasks\update-S-1-5-21-3119167115-2967841087-1575142368-1000.job
- c:\program files\Skillbrains\Updater\Updater.exe [2011-08-31 05:09]
.
2012-01-14 c:\windows\Tasks\update-sys.job
- c:\program files\Skillbrains\Updater\Updater.exe [2011-08-31 05:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://swagbucks.com/?t=w&q=swagbucks&p=1&b=1
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Presario&pf=cndt
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\zgmqu1hr.default\
FF - prefs.js: browser.startup.homepage - hxxp://home.verizon.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: avast! WebRep: [email protected] - c:\program files\Alwil Software\Avast5\WebRep\FF
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Search Assistant: {B3834E60-12A8-11E0-A289-939FDFD72085} - %profile%\extensions\{B3834E60-12A8-11E0-A289-939FDFD72085}
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-klmdb.sys
AddRemove-DealScout - c:\program files\DealScout\uninstall.exe
AddRemove-{2460923D-1AA6-47FE-A375-76308780D20F} - c:\program files\InstallShield Installation Information\{2460923D-1AA6-47FE-A375-76308780D20F}\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-01-14 14:31
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3119167115-2967841087-1575142368-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Locales\e*n**V0Gf']
"LP_LastUpdateTime"="0"
"LP_LastCheckTime"=dword:4ef6e433
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\ePrompter\ePrompter.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Verizon\VSP\ServicepointService.exe
c:\program files\VERIZONDM\bin\sprtsvc.exe
c:\program files\VERIZONDM\bin\tgsrvc.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
c:\users\Lisa\AppData\Local\Skillbrains\lightshot\1.4.0.10\LightShot.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\WerFault.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\WUDFHost.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\Verizon\VSP\VerizonServicepointComHandler.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
c:\program files\TuneUp Utilities 2010\OneClick.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\windows\system32\RacAgent.exe
.
**************************************************************************
.
Completion time: 2012-01-14 14:42:54 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-14 22:42
ComboFix2.txt 2010-12-05 23:47
.
Pre-Run: 107,507,138,560 bytes free
Post-Run: 107,519,868,928 bytes free
.
- - End Of File - - 67F8043EBF7FD7CC7C945CF7D80B0A41
  • 0

#6
lfb8769

lfb8769

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
I ran the OTL with the copy and paste inserted. and my computer locked up for over an hour. It said an error had occured. I rebooted and this small log came up. So I have not done the other two re-runs because this one did not work. I will wait for your instruction.



Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you run the OTL scan now please with the script as posted previously

Also what are the current problems ?
  • 0

#8
lfb8769

lfb8769

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Here is the new OTL log. I have not re-run the ComboFix. Do you want me to run it also?
For other problems. My computer load everything very slow. It will not shut down all of the time. I click shut down and go to bed and get up in the morning and it is still on. My audio stopped working, just before I got the virus warning. There is a little "x" next to the little speaker in the tasktray. Do I need more Ram? I did a scan using one of Windows programs that the computer comes with and there were a lot of errors on my registry. I think I need serious help. Thank you
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

OTL logfile created on: 1/16/2012 8:44:49 AM - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Lisa\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.76 Mb Total Physical Memory | 404.41 Mb Available Physical Memory | 45.25% Memory free
2.01 Gb Paging File | 1.11 Gb Available in Paging File | 55.18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 221.91 Gb Total Space | 98.30 Gb Free Space | 44.29% Space Free | Partition Type: NTFS
Drive D: | 10.97 Gb Total Space | 1.51 Gb Free Space | 13.77% Space Free | Partition Type: NTFS

Computer Name: BARLOW-PC3 | User Name: Lisa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/01/09 23:17:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/11/28 10:01:24 | 003,744,552 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011/11/28 10:01:23 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011/06/09 05:44:11 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/03/16 09:16:54 | 000,546,816 | ---- | M] (Skillbrains) -- C:\Users\Lisa\AppData\Local\Skillbrains\lightshot\1.4.0.10\Lightshot.exe
PRC - [2011/02/01 05:54:46 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe
PRC - [2011/02/01 05:54:42 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe
PRC - [2011/02/01 05:54:30 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtcmd.exe
PRC - [2011/01/10 11:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\ServicepointService.exe
PRC - [2011/01/10 11:56:32 | 004,318,520 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
PRC - [2011/01/10 11:56:32 | 000,488,760 | ---- | M] (Radialpoint Inc.) -- C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
PRC - [2010/01/21 15:24:08 | 000,110,592 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/01 20:00:00 | 001,716,224 | ---- | M] (NETGEAR) -- C:\Program Files\NETGEAR\WNDA3100\WNDA3100.exe
PRC - [2007/04/18 07:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/13 05:38:38 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/13 05:36:38 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/13 05:33:52 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/09/05 12:56:56 | 000,607,232 | ---- | M] () -- C:\Users\Lisa\AppData\Local\Skillbrains\lightshot\1.4.0.10\ScreenshotDll.dll
MOD - [2011/01/10 11:47:40 | 000,158,208 | ---- | M] () -- C:\Program Files\Verizon\VSP\Windows7Features.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/03 05:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/13 14:31:19 | 000,435,008 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2011/11/28 10:01:23 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011/05/31 16:39:14 | 001,052,480 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/05/31 16:36:00 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/02/01 05:54:46 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
SRV - [2011/02/01 05:54:42 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
SRV - [2011/01/10 11:56:36 | 000,689,464 | ---- | M] (Radialpoint Inc.) [Auto | Running] -- C:\Program Files\Verizon\VSP\ServicepointService.exe -- (ServicepointService)
SRV - [2010/10/12 09:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/01/21 15:24:08 | 000,110,592 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009/09/29 08:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/06/16 07:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Stopped] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/02/29 01:07:18 | 000,942,080 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WNDA3100\jswpsapi.exe -- (jswpsapi)


========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/28 09:53:53 | 000,435,032 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/11/28 09:53:35 | 000,314,456 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/11/28 09:52:19 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/11/28 09:52:16 | 000,052,952 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/11/28 09:52:07 | 000,055,128 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/11/28 09:51:50 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/12/03 01:05:34 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2010/02/24 14:41:50 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2008/11/11 12:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008/11/11 12:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008/11/11 12:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008/09/29 19:20:40 | 000,449,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WNDA31v.sys -- (WNDA3100)
DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/06/06 11:13:40 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008/06/06 11:13:10 | 000,145,440 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2008/05/22 06:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/05/22 01:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/05/06 15:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/02/12 07:27:34 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS3.sys -- (HSXHWBS3)
DRV - [2008/02/12 07:25:22 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/08/31 15:43:32 | 000,020,352 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2006/11/16 13:36:28 | 000,020,480 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DNISP50.sys -- (DNISp50)
DRV - [2006/11/16 13:36:18 | 000,021,504 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DNIMP50.sys -- (DNIMp50)
DRV - [2001/08/27 13:29:26 | 000,050,528 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUSBMSD.SYS -- (EUSBMSD)
DRV - [2001/05/07 02:56:02 | 000,019,805 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbio.sys -- (USBIO) USBIO Driver (usbio.sys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...resario&pf=cndt
IE - HKLM\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3119167115-2967841087-1575142368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://swagbucks.com...agbucks&p=1&b=1
IE - HKU\S-1-5-21-3119167115-2967841087-1575142368-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3119167115-2967841087-1575142368-1000\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTNavAssist.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3119167115-2967841087-1575142368-1000\..\URLSearchHook: {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-3119167115-2967841087-1575142368-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3119167115-2967841087-1575142368-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://home.verizon.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25
FF - prefs.js..extensions.enabledItems: [email protected]:6.0.1367
FF - prefs.js..extensions.enabledItems: {B3834E60-12A8-11E0-A289-939FDFD72085}:1.0.4
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Verizon\VSP\nprpspa.dll (Verizon)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\9\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Lisa\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011/12/20 08:50:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/21 08:43:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/19 07:05:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/14 20:02:55 | 000,000,000 | ---D | M]

[2011/04/01 20:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Extensions
[2012/01/10 02:17:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\zgmqu1hr.default\extensions
[2011/06/08 22:52:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\zgmqu1hr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/17 14:42:32 | 000,000,000 | ---D | M] (Search Assistant) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\zgmqu1hr.default\extensions\{B3834E60-12A8-11E0-A289-939FDFD72085}
[2012/01/10 02:17:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/26 22:59:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011/12/20 08:50:05 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST5\WEBREP\FF
[2011/11/21 08:43:04 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/03/18 10:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/26 22:57:29 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 10:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U25 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealNetworks™ RealPlayer Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Verizon Servicepoint (Enabled) = C:\Program Files\Verizon\VSP\nprpspa.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\8\NP_wtapp.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Lisa\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: X-notifier (Gmail, Hotmail, Yahoo, AOL ...) = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apebebenniibdlpbookhgelaghfnaonp\0.8.8_0\
CHR - Extension: YouTube = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Call of Duty Black Ops Theme 1920 = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccadhmappilfjgggoaaokglnncdjanpa\2.0_0\
CHR - Extension: Google Search = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: avast! WebRep = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: ShopAtHome.com extension = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\igapgnpnmadafimalefljcfplikonjpp\6.0.0.1_1\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.4_0\
CHR - Extension: Gmail = C:\Users\Lisa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/01/14 15:30:04 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Swag Bucks Toolbar) - {8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3119167115-2967841087-1575142368-1000\..\Toolbar\WebBrowser: (Swag Bucks Toolbar) - {8BDEA9D6-6F62-45EB-8EE9-8A81AF0D2F94} - C:\Program Files\Swag_Bucks\prxtbSwa0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DPService] C:\Program Files\HP\DVDPlay\DPService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKU\S-1-5-21-3119167115-2967841087-1575142368-1000..\Run: [LightShot] C:\Users\Lisa\AppData\Local\Skillbrains\lightshot\LightShot.exe ()
O4 - Startup: C:\Users\Lisa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ePrompter.lnk = C:\Program Files\ePrompter\ePrompter.exe (Tiburon Technology, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3119167115-2967841087-1575142368-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3119167115-2967841087-1575142368-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-3119167115-2967841087-1575142368-1000\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKU\S-1-5-21-3119167115-2967841087-1575142368-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6781558B-A70D-49F2-8928-1E06EC79599C}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Lisa\Pictures\2011-02-19 presidential trip\presidential trip 844.JPG
O24 - Desktop BackupWallPaper: C:\Users\Lisa\Pictures\2011-02-19 presidential trip\presidential trip 844.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/28 02:11:22 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/06/09 14:23:44 | 000,000,000 | ---D | M] - C:\Autoruns2 -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/14 20:01:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/01/14 14:43:03 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\temp
[2012/01/14 14:25:49 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/01/14 14:25:29 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/01/14 10:43:46 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/01/13 08:29:46 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\Avery
[2012/01/10 18:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/10 18:06:41 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/10 01:53:26 | 004,383,253 | R--- | C] (Swearware) -- C:\Users\Lisa\Desktop\ComboFix.exe
[2012/01/09 23:48:04 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/01/09 23:23:58 | 010,847,608 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Lisa\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/09 23:21:51 | 004,713,472 | ---- | C] (AVAST Software) -- C:\Users\Lisa\Desktop\aswMBR.exe
[2012/01/09 23:20:36 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Lisa\Desktop\tdsskiller.exe
[2012/01/09 23:17:13 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.exe
[2012/01/02 09:42:52 | 000,000,000 | ---D | C] -- C:\e0515cfe35a4e3b8f8
[1 C:\Users\Lisa\AppData\Local\*.tmp files -> C:\Users\Lisa\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/16 07:52:29 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/16 07:52:29 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/15 19:27:03 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\update-sys.job
[2012/01/15 18:40:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/15 15:42:00 | 000,000,374 | ---- | M] () -- C:\Windows\tasks\update-S-1-5-21-3119167115-2967841087-1575142368-1000.job
[2012/01/15 13:56:14 | 000,008,028 | ---- | M] () -- C:\Windows\ePrompter.ini
[2012/01/15 13:54:54 | 000,000,435 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2012/01/15 13:52:31 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/15 13:52:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/15 13:52:20 | 937,934,848 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/14 15:30:04 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/01/14 10:35:22 | 004,383,253 | R--- | M] (Swearware) -- C:\Users\Lisa\Desktop\ComboFix.exe
[2012/01/13 22:36:52 | 174,735,241 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/13 16:06:33 | 000,076,288 | ---- | M] () -- C:\Users\Lisa\Documents\Designpro grammar.zdl
[2012/01/10 18:06:45 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/10 00:14:17 | 000,000,512 | ---- | M] () -- C:\Users\Lisa\Desktop\MBR.dat
[2012/01/09 23:24:51 | 010,847,608 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Lisa\Desktop\mbam-setup-1.60.0.1800.exe
[2012/01/09 23:22:17 | 004,713,472 | ---- | M] (AVAST Software) -- C:\Users\Lisa\Desktop\aswMBR.exe
[2012/01/09 23:20:50 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Lisa\Desktop\tdsskiller.exe
[2012/01/09 23:17:16 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Lisa\Desktop\OTL.exe
[2012/01/08 17:17:13 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLisa.job
[2012/01/07 20:42:41 | 000,607,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/07 20:42:41 | 000,104,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/04 22:18:10 | 000,052,912 | ---- | M] () -- C:\Users\Lisa\Documents\hannaTranscript good.pdf
[2012/01/04 22:14:37 | 000,052,932 | ---- | M] () -- C:\Users\Lisa\Documents\hannaTranscript.pdf
[2012/01/02 17:03:29 | 000,007,017 | ---- | M] () -- C:\Users\Lisa\Documents\LCEHC preorder Menu 2011 12.ods
[2011/12/29 17:45:18 | 000,321,055 | ---- | M] () -- C:\Users\Lisa\Desktop\Minecraft Free.rar
[2011/12/28 15:43:08 | 000,001,007 | ---- | M] () -- C:\Users\Lisa\AppData\Local\UserProducts.xml
[2011/12/20 08:50:05 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[1 C:\Users\Lisa\AppData\Local\*.tmp files -> C:\Users\Lisa\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/14 10:43:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/13 16:03:58 | 000,076,288 | ---- | C] () -- C:\Users\Lisa\Documents\Designpro grammar.zdl
[2012/01/10 18:06:45 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/10 00:14:17 | 000,000,512 | ---- | C] () -- C:\Users\Lisa\Desktop\MBR.dat
[2012/01/07 15:40:28 | 000,321,055 | ---- | C] () -- C:\Users\Lisa\Desktop\Minecraft Free.rar
[2012/01/04 23:47:28 | 174,735,241 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/01/04 22:18:09 | 000,052,912 | ---- | C] () -- C:\Users\Lisa\Documents\hannaTranscript good.pdf
[2012/01/04 22:14:37 | 000,052,932 | ---- | C] () -- C:\Users\Lisa\Documents\hannaTranscript.pdf
[2012/01/02 17:03:17 | 000,007,017 | ---- | C] () -- C:\Users\Lisa\Documents\LCEHC preorder Menu 2011 12.ods
[2011/08/31 06:55:51 | 000,001,007 | ---- | C] () -- C:\Users\Lisa\AppData\Local\UserProducts.xml
[2011/06/22 15:40:31 | 000,000,000 | ---- | C] () -- C:\Users\Lisa\AppData\Local\{818AF828-5C55-4AB6-8A84-DAB7968A264C}
[2011/06/11 20:00:29 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/05/18 07:45:33 | 000,008,028 | ---- | C] () -- C:\Windows\ePrompter.ini
[2011/04/01 20:25:29 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/01/13 02:19:03 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/12/19 16:08:27 | 000,000,035 | ---- | C] () -- C:\Windows\WorldBuilder.INI
[2010/12/14 22:09:46 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010/12/05 12:36:44 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2010/12/05 12:36:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/12/05 12:36:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/12/05 12:36:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/11/26 11:29:23 | 000,000,019 | ---- | C] () -- C:\Windows\popcinfo.dat
[2010/08/28 11:46:00 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/06/08 09:11:28 | 001,757,048 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2010/04/10 21:22:59 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2009/12/01 15:21:35 | 000,148,316 | ---- | C] () -- C:\Windows\hpwins05.dat
[2009/12/01 15:21:03 | 000,016,059 | ---- | C] () -- C:\Windows\hpwscr05.dat
[2009/12/01 15:21:03 | 000,004,785 | ---- | C] () -- C:\Windows\hpwmdl05.dat
[2009/11/29 03:12:00 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009/09/28 17:43:10 | 000,000,218 | ---- | C] () -- C:\Windows\SIERRA.INI
[2009/09/28 17:42:14 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009/09/28 17:42:14 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009/09/28 17:42:14 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009/09/10 22:14:11 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/10 22:14:10 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/19 09:12:27 | 000,000,552 | ---- | C] () -- C:\Users\Lisa\AppData\Local\d3d8caps.dat
[2009/08/17 16:46:36 | 000,000,091 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2009/08/16 17:54:22 | 000,043,520 | ---- | C] () -- C:\Users\Lisa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/25 08:50:23 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2009/07/22 14:59:04 | 000,000,981 | ---- | C] () -- C:\Windows\eReg.dat
[2009/07/16 16:00:47 | 000,000,774 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\wklnhst.dat
[2009/07/13 08:53:00 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009/07/13 08:52:59 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2009/07/13 08:52:59 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2009/07/13 08:52:59 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2009/07/13 08:52:59 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2009/07/13 08:52:59 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2009/07/13 08:52:59 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2009/07/13 08:52:59 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2009/07/13 08:52:59 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2009/07/13 08:52:59 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2009/07/13 08:52:59 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2009/07/13 08:52:59 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2009/07/13 08:52:59 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2009/07/13 08:52:59 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2009/07/13 08:52:59 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2009/07/13 08:52:59 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2009/07/13 08:50:44 | 000,000,071 | ---- | C] () -- C:\Windows\EPNX110.ini
[2009/06/30 12:00:37 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/06/30 10:16:55 | 000,007,728 | ---- | C] () -- C:\Users\Lisa\AppData\Local\d3d9caps.dat
[2008/12/18 21:41:18 | 000,286,208 | ---- | C] () -- C:\Windows\System32\cncs232.dll
[2008/12/18 21:41:18 | 000,001,113 | ---- | C] () -- C:\Windows\Treble.ini
[2008/12/18 21:41:18 | 000,000,902 | ---- | C] () -- C:\Windows\Bass.ini
[2008/08/28 02:12:43 | 000,107,357 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/08/28 01:45:12 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll
[2008/08/28 01:45:12 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll
[2006/11/02 04:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 04:44:53 | 000,572,368 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 02:33:01 | 000,607,168 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 02:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 02:33:01 | 000,104,808 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 02:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 02:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 00:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 00:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/01 23:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/01 23:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2012/01/07 15:44:08 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\.minecraft
[2012/01/13 08:29:46 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Avery
[2010/06/15 07:25:33 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\CheckPoint
[2010/06/08 10:02:34 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\dBpoweramp
[2011/07/22 21:57:42 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Disney Mix It Plug-in
[2011/07/26 08:51:22 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Epson
[2010/11/29 08:11:09 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Gamelab
[2010/12/11 21:46:22 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\iWin
[2009/07/13 09:01:54 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Leadertech
[2010/01/24 21:32:19 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\LEGO Company
[2011/01/22 14:01:21 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\MailWasherFree
[2011/05/14 09:47:27 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\MotioninJoy
[2009/09/16 20:03:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\OpenOffice.org
[2009/06/30 10:09:41 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\PictureMover
[2010/12/20 16:03:34 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\PlayFirst
[2009/11/11 09:48:52 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Schoolhouse Technologies
[2011/11/22 17:02:27 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Smilebox
[2009/07/16 16:00:51 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Template
[2011/11/20 13:38:40 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Tific
[2011/12/13 14:29:42 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\TuneUp Software
[2010/04/23 20:32:16 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Unity
[2011/01/25 07:47:02 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\updatetool
[2011/06/06 09:34:53 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\wargaming.net
[2011/09/07 01:21:57 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Western Digital
[2010/12/20 21:53:02 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Wild Tangent
[2009/09/10 05:17:59 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\WinBatch
[2012/01/14 23:14:33 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/01/15 15:42:00 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\update-S-1-5-21-3119167115-2967841087-1575142368-1000.job
[2012/01/15 19:27:03 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\update-sys.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/28 22:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/28 22:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 19:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/10 22:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 18:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 18:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 18:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\ERDNT\cache\svchost.exe
[2008/01/20 18:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 18:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/20 18:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008/01/20 18:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 18:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/10 22:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/10 22:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/10 22:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/20 18:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = NETBT
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys -- [2009/04/10 20:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation)
"Description" = This service implements NetBios over TCP/IP.
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{6781558B-A70D-49F2-8928-1E06EC79599C}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{7CE36365-C172-44CC-B6BF-306BFD008961}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys -- [2008/01/20 18:34:01 | 000,035,840 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 01 01 06 01 02 01 07 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2006/11/02 01:46:14 | 000,011,264 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\afd /s >
"DisplayName" = @%systemroot%\system32\drivers\afd.sys,-1000
"Group" = PNP_TDI
"ImagePath" = \SystemRoot\system32\drivers\afd.sys
"Description" = @%systemroot%\system32\drivers\afd.sys,-1000
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"BootFlags" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\afd\Parameters]
"DefaultSendWindow" = 261360
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\afd\Enum]
"0" = Root\LEGACY_AFD\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ipsec /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/10/19 07:05:08 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/10/19 07:05:08 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/10/19 07:05:08 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/10/19 07:05:04 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/10/19 07:05:04 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/10/19 07:05:04 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/05 01:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/05 01:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/05 01:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/01/05 01:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/22 08:33:52 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/22 08:33:52 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/22 08:33:52 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/22 08:33:54 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/04/22 08:33:54 | 000,748,336 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/10/19 07:05:08 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/10/19 07:05:08 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/10/19 07:05:08 | 000,552,464 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/10/19 07:05:04 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/10/19 07:05:04 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/10/19 07:05:04 | 000,912,344 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/01/05 01:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/01/05 01:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/01/05 01:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/01/05 01:48:46 | 001,047,024 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/22 08:33:52 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/22 08:33:52 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/22 08:33:52 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/22 08:33:54 | 000,748,336 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2011/04/22 08:33:54 | 000,748,336 | ---- | M] (Microsoft Corporation)

< C:\Windows\assembly\tmp\U\*.* /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Lisa\Documents\RascalFlattsMyWish.mp3:TOC.WMV

< End of report >
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I would like you to delete the current copy of combofix from your desktop and download a fresh copy please

A further 1Gb of Ram would not come amiss

Ignore the registry errors as they are of no import

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2012/01/15 15:42:00 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\update-S-1-5-21-3119167115-2967841087-1575142368-1000.job
    [2012/01/15 19:27:03 | 000,000,374 | ---- | M] () -- C:\Windows\Tasks\update-sys.job

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.



Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now
  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP